Bitcoin Forum

Bitcoin => Electrum => Topic started by: Mankov on January 16, 2021, 10:29:40 PM



Title: Typing the seed - How safe is it?
Post by: Mankov on January 16, 2021, 10:29:40 PM
Hello,

is it dangerous to type your seed on a keyboard into the electrum wallet?
How likely is it that someone can track your seeds?
Should we only use a newly installed computer before we do this,
and disconnect from the internet?

I'm scared to type the seeds again into my laptop.
Can I send my coins safely to a ledger s without reopening my electrum wallet?


Title: Re: Typing the seed - How safe is it?
Post by: Csmiami on January 16, 2021, 10:35:58 PM
If your computer is 100% clean, there should be no issue doing it. HOWEVER, and it's a big however, would you really risk your funds? Seeds should only be typed once; to recover a wallet and sweep it into another safe one; discarding said seed for security reasons.

There is no law prohibiting you from re-using a "burnt" seed, but same question again; would you really risk your funds over a slim chance of losing them?

Answering your last question; you can move funds on electrum without typing the seed again, you only need the wallet file and the password. If you don't have any or one of those, you'll have to type the seed to restore the wallet (and moving the funds out of there ASAP).


Title: Re: Typing the seed - How safe is it?
Post by: HCP on January 16, 2021, 10:41:50 PM
Quote
I'm scared to type the seeds again into my laptop.
Can I send my coins safely to a ledger s without reopening my electrum wallet?
Why do you need to retype your seeds? ??? Did you delete your Electrum wallet file? ???

If you still have the wallet file, you should be able to open it with Electrum without needing to enter your seed. Then you can simply connect your Nano S to Electrum using the "New/Restore -> Standard wallet -> Use a hardware device"... and send all your coins from your old wallet to an address from your Nano S wallet.


Title: Re: Typing the seed - How safe is it?
Post by: Mankov on January 16, 2021, 10:45:09 PM
Quote
Seeds should only be typed once
you can move funds on electrum without typing the seed again,
you only need the wallet file and the password.
If you don't have any or one of those,
you'll have to type the seed to restore the wallet (and moving the funds out of there ASAP).

Ok. Thank you. Never heard that we should only use a seed one time.
But what about Meta Mask? There you only have a seed. And I don't like to
have it all the time on my computer. I only install it when I need it. So I have to type the seed in.

For Electrum I have the wallet-files on several usb-sticks.
But so I must type the password into electrum to get my funds on ledger, right?
Is this safer than typing the seed?


Title: Re: Typing the seed - How safe is it?
Post by: Csmiami on January 16, 2021, 10:51:04 PM
Quote
Ok. Thank you. Never heard that we should only use a seed one time.
But what about Meta Mask? There you only have a seed. And I don't like to
have it all the time on my computer. I only install it when I need it.
Metamask is an application for Ethereum, which runs importing the private key if things have not changed; nothing to do with seeds or Bitcoin.

May I ask how you store the key you import in metamask? Keeping a digital copy of any private key is a perfect way of losing your funds...

Quote
For Electrum I have the wallet-files, too.
But so I must type the password into electrum to get my funds on ledger, right?
Is this safer than typing the seed?
You must type the password to access the wallet file, and to confirm the transaction. You should also proceed very carefully when typing it; but the attacker would need to either have remote access to your computer to create the transaction there, or a copy of the wallet file. If he gets access to the seed, he just needs to recover and sweep. In both situations you can end with a balance of 0, but the way to it is a bit different.

Even if I despise Ledger, you could install Ledger Live if you are going to be operating on multiple currencies, you can control everything from there (the hardware device).


Title: Re: Typing the seed - How safe is it?
Post by: Mankov on January 16, 2021, 10:55:43 PM
Quote
Ok. Thank you. Never heard that we should only use a seed one time.
But what about Meta Mask? There you only have a seed. And I don't like to
have it all the time on my computer. I only install it when I need it.
Metamask is an application for Ethereum, which runs importing the private key if things have not changed; nothing to do with seeds or Bitcoin.

Yes, but you have to type in the seed to get into the account if metamask is not installed anymore.

Quote
May I ask how you store the key you import in metamask? Keeping a digital copy of any private key is a perfect way of losing your funds...

On a metal plate, and papers.

Quote
For Electrum I have the wallet-files, too.
But so I must type the password into electrum to get my funds on ledger, right?
Is this safer than typing the seed?
You must type the password to access the wallet file, and to confirm the transaction. You should also proceed very carefully when typing it; but the attacker would need to either have remote access to your computer to create the transaction there, or a copy of the wallet file. If he gets access to the seed, he just needs to recover and sweep. In both situations you can end with a balance of 0, but the way to it is a bit different.

Even if I despise Ledger, you could install Ledger Live if you are going to be operating on multiple currencies, you can control everything from there (the hardware device).


Title: Re: Typing the seed - How safe is it?
Post by: Mankov on January 16, 2021, 10:58:18 PM
What is your favourite wallet?
How do you store your bitcoins?


Title: Re: Typing the seed - How safe is it?
Post by: Mankov on January 16, 2021, 11:09:42 PM
Quote
There is no law prohibiting you from re-using a "burnt" seed, but same question again; would you really risk your funds over a slim chance of losing them?

But why is it so dangerous using a seed several times?
You also do this with passwords on websites (bank account, paypal,...)
I never change my passwords on websites.

BTW I don't have a problem using electrum.
And I would love to just keep my funds there.


But if ledger is safer, why should I use electrum?


Title: Re: Typing the seed - How safe is it?
Post by: bitmover on January 16, 2021, 11:21:03 PM

Quote
But why is it so dangerous using a seed several times?

Because your computer might be infected, someone might be watching and you can never be 100% sure.

Quote
You also do this with passwords on websites (bank account, paypal,...)
I never change my passwords on websites.

Because if someone tries to make a HUGE transaction cleaning up your bank account from an unknown location with your bank account password, the bank's security system will detect it as probable fraud and will block your account. There is no similar security system in the bitcoin network, as you are the only one responsible for your funds' safety.

Quote
But if ledger is safer, why should I use electrum?
You can use both at the same time.
Ledger is a device. It is a safe way to generate your seed. It will be generated inside the device. The seed will never even touch your computer screen.

You can plug the ledger nano device in your computer and use it with electrum software to make transactions.

You should use electrum because it allows more control over your private keys, addresses, UTXOs, etc.

For example, Electrum allows you to choose from which address you would like to spend. It also allows you to fully customize fees.



Quote
What is your favourite wallet?
How do you store your bitcoins?

My favorite wallet is electrum, and I use it with my ledger nano. Ledger nano holds the keys, and electrum is the interface I use to manage the keys.


Title: Re: Typing the seed - How safe is it?
Post by: Mankov on January 16, 2021, 11:23:04 PM
Ok. So you recommend using ledger and electrum at the same time?
And never Electrum alone?

Guess I'll buy some ledgers. Do you recommend to save
bitcoins in several ledgers or is one safe enough?
Example 1 Bitcoin in the first Ledger,
1 Bitcoin in the second ledger, and so on.

Thank you.



Title: Re: Typing the seed - How safe is it?
Post by: NotATether on January 16, 2021, 11:23:59 PM
Depends heavily on your operating system and the kind of programs that you installed on it.

If you are using Windows and you have a bunch of bloatware installed like registry cleaners, system "scanners", random accessories and other stuff that you downloaded from sites riddled with ads, then I would think twice before typing your seed in such a system. By definition, when there's a lot of bloatware on your system, chances are there is at least one spyware running in the background without you knowing. Unfortunately, companies that make free ad-supported Windows apps sometimes don't care about whether it can be exploited to do malicious things.

If you are using a Windows box which you have not installed random stuff on, or a Mac or Linux box, odds are very likely that your system is perfectly clean and nothing malicious is installed on it. But if you're paranoid then disconnecting from the internet while you type your seed should make you less apprehensive (though as I said there's likely nothing malicious running in the first place, or else you'd notice erratic operating system behavior!)

Quote
There is no law prohibiting you from re-using a "burnt" seed, but same question again; would you really risk your funds over a slim chance of losing them?

But why is it so dangerous using a seed several times?
You also do this with passwords on websites (bank account, paypal,...)
I never change my passwords on websites.

BTW I don't have a problem using electrum.
And I would love to just keep my funds there.


But if ledger is safer, why should I use electrum?

I'm probably riding against the tide most people are on here, but-

Again, as long as you know your system is clean, nothing's going to happen if you type your seed again or if you use Electrum by itself.

As long as you're not holding substantial amounts of bitcoin, Electrum by itself on a properly cared-for system is just fine. Even if you're holding lots of money on a Ledger Nano S for example, then you need to plug it into a computer running Electrum to spend bitcoins inside it anyway. So in that particular case you'd need to use both of them.


Title: Re: Typing the seed - How safe is it?
Post by: Csmiami on January 16, 2021, 11:33:12 PM
----

That is completely up to you; but if you want to further segregate funds, you can set up a passphrase instead of buying multiple devices. I'm not 100% sure electrum allows this feature, as I've never tried to do such a thing there; but Ledger Live may just do the trick for that.


Title: Re: Typing the seed - How safe is it?
Post by: khaled0111 on January 16, 2021, 11:35:36 PM
If you believe your device is compromised then you should move your funds to your hardware wallet asap or use Electrum to create an offline wallet.
Here is a detailed guide on how to set up a cold storage wallet using Electrum:
https://electrum.readthedocs.io/en/latest/coldstorage.html
This way, you will not have to expose your seed or your password every time you need to create a transaction.


Title: Re: Typing the seed - How safe is it?
Post by: Mankov on January 16, 2021, 11:36:40 PM
Ok. Thank you.
Guess I'll buy a new laptop only for bitcoin-transactions.
And not using a ledger.
I think this is safe enough. But, yes, I'm paranoid.
Too much worry about unlikely things.


Title: Re: Typing the seed - How safe is it?
Post by: bitmover on January 16, 2021, 11:57:11 PM
Quote
Ok. So you recommend using ledger and electrum at the same time?
And never Electrum alone?

Guess I'll buy some ledgers. Do you recommend to save
bitcoins in several ledgers or is one safe enough?
Example 1 Bitcoin in the first Ledger,
1 Bitcoin in the second ledger, and so on.

Thank you.


One device is enough.

You can create multiple seeds with the same device. Just keep them safe on a piece of paper. Never type them in any computer.

I suggest that you study more about bitcoin before buying a substantial amount.
I think Antonopoulos' videos on YouTube or his book Mastering Bitcoin are a great start.


Title: Re: Typing the seed - How safe is it?
Post by: ranochigo on January 17, 2021, 03:31:37 AM
Disconnecting your internet when using Electrum is not sufficient. If you want to be foolproof, you have to set up a dedicated computer that doesn't go online and handles all your transaction signing. It is also known as an airgapped wallet. Those are slightly fussy to maintain and use but are fairly safe for most use cases.

If you want to have the convenience and not worry about leaking your sensitive information, you should be looking at hardware wallets. They can be used with any online computers as the seeds are kept within the device and it won't be leaked to the online computer. For newbies, it'd be far more convenient to use a hardware wallet instead of a cold storage. Both can be used with Electrum but it depends on which route you want to go.


Title: Re: Typing the seed - How safe is it?
Post by: o_e_l_e_o on January 17, 2021, 10:42:51 AM
Quote
I'm not 100% sure electrum allows this feature, as I've never tried to do such a thing there; but Ledger Live may just do the trick for that.
It does. Electrum supports additional passphrases both on software wallets you have created or restored via Electrum, as well as opening different wallets using different passphrases which you input into your Ledger device.

Quote
Guess I'll buy a new laptop only for bitcoin-transactions.
And not using a ledger.
I think this is safe enough. But, yes, I'm paranoid.
Better to be paranoid and safe than lose all your coins. If you need to save some money, you could also buy a Raspberry Pi for $40-50 instead of a whole new laptop, provided you have the necessary hardware (monitors, keyboards, etc.) to get it working.

Whichever route you go, the most important steps are to format the new device once you get it, keep it permanently offline (physically unplug any connectivity hardware if you can), choose an open source Linux distro and verify it before installing, verify Electrum before installing, and to download these on a different device and transfer them to the new device via removable media.


Title: Re: Typing the seed - How safe is it?
Post by: bob123 on January 17, 2021, 04:59:56 PM
Quote
Is this safer than typing the seed?

In theory this is completely irrelevant.
If your device is compromised, it is compromised. Regardless of whether you enter the mnemonic code into an application or open your wallet file.



Quote
But why is it so dangerous using a seed several times?
You also do this with passwords on websites (bank account, paypal,...)

Do you mean that you use the same password across multiple sites? If that's the case, you might want to overthink what you are doing... That's definitely not the proper way.

It is "more dangerous" to enter the mnemonic code multiple times if you enter them into different devices or if there is a risk that your device got compromised in the meantime.


I think a hardware wallet would be a better alternative for you. It is easier to use than an offline setup and less error-prone.


Title: Re: Typing the seed - How safe is it?
Post by: Mankov on February 06, 2021, 04:39:56 PM
Hello

can I just copy the private keys from electrum into ledger nano,
instead of sending the bitcoins to it, to avoid fees?
Or is that the worst way to do it?


Title: Re: Typing the seed - How safe is it?
Post by: Csmiami on February 06, 2021, 08:46:30 PM
---
If it's doable (which I doubt), it would most definitely be the worst way to proceed. If fees are an issue for you, you could always try sending at 1 satoshi/byte; and even if it takes a long time (some days) to confirm, you'll be paying the least you could (this is usually a few thousand satoshis at most 0.00001000-ish)


Title: Re: Typing the seed - How safe is it?
Post by: HCP on February 06, 2021, 11:17:38 PM
Quote
can I just copy the private keys from electrum into ledger nano,
instead of sending the bitcoins to it, to avoid fees?
Or is that the worst way to do it?
No, you can't do that... Ledger Nano does not have the ability to import private keys because, as you have already guessed, it is indeed the worst way to do it...

The entire premise of a hardware wallet, is that the seed and private keys are only ever generated/stored within the device itself (aside from your offline/paper backup of the 24 word backup phrase). If you take a seed or keys that were generated elsewhere, and import them into your hardware wallet, there is no way of knowing if that seed or private keys were potentially exposed since they were created.

Fees are currently relatively cheap in the 10sats/byte range... don't risk your coins for the sake of a couple of bucks worth of fees! :o


Title: Re: Typing the seed - How safe is it?
Post by: Abdussamad on February 07, 2021, 09:08:03 AM
Quote
If your computer is 100% clean, there should be no issue doing it. HOWEVER, and it's a big however, would you really risk your funds? Seeds should only be typed once; to recover a wallet and sweep it into another safe one; discarding said seed for security reasons.

There is no law prohibiting you from re-using a "burnt" seed, but same question again; would you really risk your funds over a slim chance of losing them?

Answering your last question; you can move funds on electrum without typing the seed again, you only need the wallet file and the password. If you don't have any or one of those, you'll have to type the seed to restore the wallet (and moving the funds out of there ASAP).

to create a new wallet you have to type the new seed in again. it's a part of the wallet creation process. so you can't get away from typing the seed in.


Title: Re: Typing the seed - How safe is it?
Post by: Csmiami on February 07, 2021, 11:13:35 AM
----
But you actually can. Hardware wallets don't require typing them (IIRC), and if you are using electrum, you could just type the first letter of the word and click the right word on the suggested word list. If an attacker had some spyware on you, he'd only have the initial letter of each word, and getting the right seed from that is a close to impossible task.


Title: Re: Typing the seed - How safe is it?
Post by: bob123 on February 07, 2021, 12:23:43 PM
Quote
But you actually can. Hardware wallets don't require typing them (IIRC)

Trezor (don't know which models exactly) require to type in the mnemonic code into your PC to actually restore it on your hardware device.
However, the words get shuffled, which makes it not trivial to gain access to the correct mnemonic code (24! = 6.2 * 10^23) possibilities.


Quote
and if you are using electrum, you could just type the first letter of the word and click the right word on the suggested word list. If an attacker had some spyware on you, he'd only have the initial letter of each word, and getting the right seed from that is a close to impossible task.

If you type the first letter, there are only a few possibilities left.
So it mathematically should be quite easy to recover the correct mnemonic code with only ~4-10 possible words per position.
 
And further, if your computer is compromised, you should also assume that the attacker sees everything you do. This includes mouse movement.


Title: Re: Typing the seed - How safe is it?
Post by: o_e_l_e_o on February 07, 2021, 12:59:43 PM
Quote
If you type the first letter, there are only a few possibilities left.
So it mathematically should be quite easy to recover the correct mnemonic code with only ~4-10 possible words per position.
How did you arrive at 4-10 words per position? Given that there are 2048 words in the BIP39 word list, then there are on average 2048/25 = 81.92 words beginning with each letter, since it does not use any words beginning with "x". 81^24 is 6.36*10^45, which is still outwith the realms of brute forcing. You could get very unlucky and have a seed phrase with 3 or 4 words each beginning with under-represented first letters such as "y" and "z", but I still don't think it would bring the overall difficulty down enough to be able to be brute forced.

If you consider the first two letters of each word, then your range is between 1 and 48, with words beginning with "re" being the most common. That would potentially be breakable depending on the precise words in your seed phrase.
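
The figures traded in this exchange (24 shuffled words, one leaked letter per word, two leaked letters per word) can be put on a common scale of bits. The Python below is an added example, not code from any poster or from Electrum; it goes beyond the averaged 2048/25 figure by counting the exact number of words behind each leaked prefix in whatever word list is supplied. `TOY_WORDS` and the sample phrase are constructed for the demo (this is not the BIP39 list), and all function names are made up here.

```python
import math
from collections import Counter

# Constructed demo list (NOT the BIP39 list); pass the real 2048-word
# list to the same functions to get real figures.
TOY_WORDS = ["able", "about", "acid", "actor", "real", "rebel",
             "recall", "record", "yard", "year", "zone", "zoo"]


def prefix_counts(wordlist, k=1):
    """Number of words in the list that share each k-letter prefix."""
    return Counter(w[:k] for w in wordlist)


def bits_left_after_prefix_leak(wordlist, phrase, k=1, checksum_bits=0):
    """Uncertainty (bits) left once the first k letters of every word leaked.

    Each position contributes log2(words sharing the leaked prefix).
    checksum_bits is an assumption the caller supplies: a seed format with
    a checksum lets an observer discard that many more bits of candidates.
    """
    counts = prefix_counts(wordlist, k)
    known = set(wordlist)
    bits = 0.0
    for word in phrase:
        if word not in known:
            raise ValueError(f"{word!r} is not in the word list")
        bits += math.log2(counts[word[:k]])
    return max(bits - checksum_bits, 0.0)


def averaged_first_letter_bits(n_words=24, list_size=2048, letters=25):
    """The thread's averaged model: list_size/letters candidates per word."""
    return n_words * math.log2(list_size / letters)


def shuffled_order_bits(n_words=24):
    """All words known, order unknown: log2(n!) bits (distinct words)."""
    return math.log2(math.factorial(n_words))


def untouched_bits(n_words=24, list_size=2048):
    """Nothing leaked: every position can be any word in the list."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    phrase = ["able", "rebel", "zoo", "year"]  # constructed sample
    for k in (1, 2):
        print(f"toy list, first {k} letter(s) leaked:",
              bits_left_after_prefix_leak(TOY_WORDS, phrase, k), "bits")
    print("averaged first-letter model:", round(averaged_first_letter_bits(), 1))
    print("shuffled 24 words:", round(shuffled_order_bits(), 1))
    print("nothing leaked:", untouched_bits())
```

Run against a real word list with `k=2`, the per-position counts show how much more a second leaked letter per word gives away than the first.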


Title: Re: Typing the seed - How safe is it?
Post by: bob123 on February 07, 2021, 02:04:45 PM
Quote
How did you arrive at 4-10 words per position?

By miscalculating by the factor 10 in my head.

It indeed seems to be somewhat the same order of magnitude as 24 words in an unknown order.
Nonetheless, this is quite irrelevant in the case when a secret has to be entered on a (potentially) compromised computer. Especially when the input is being processed by a software wallet instead of a hardware wallet.


Title: Re: Typing the seed - How safe is it?
Post by: Mankov on February 07, 2021, 02:31:22 PM
Thank you all for the helpful information!

My Electrum-Wallet-Dat-Files were created in 2019,
how long are they usable in newer electrum versions?
Or do they never run out of compatibility?

And how likely is it that somebody can load
the dat files from an inactive usb-stick or external
harddrive without connecting it to a computer?

Because I heard that there are possibilities to load files
from a computer which is switched off.  :o
Maybe I should delete all my wallet-dat-files and just
have the seed?


Title: Re: Typing the seed - How safe is it?
Post by: bob123 on February 07, 2021, 02:47:30 PM
Quote
My Electrum-Wallet-Dat-Files were created in 2019,
how long are they usable in newer electrum versions?
Or do they never run out of compatibility?

They should always be usable.
Of course no one can guarantee what will happen in the future. But you will always be able to simply download an older version of electrum which works with your current wallet file to export the private keys or sign transactions.



Quote
And how likely is it that somebody can load
the dat files from an inactive usb-stick or external
harddrive without connecting it to a computer?

This sounds a little bit like sci-fi to me.
I personally never heard of a practical attack vector where someone can "load" data from a flash memory without accessing it physically.

I mean, you wouldn't need to connect it to a computer.. but you definitely would need to connect it to a device.



Quote
Because I heard that there are possibilities to load files
from a computer which is switched off.  :o
Maybe I should delete all my wallet-dat-files and just
have the seed?

You can simply use encryption. Electrum offers you to encrypt your wallet file.
That's sufficient in your case.

If you however don't need your wallet on your computer, you are free to delete it.
Physically storing the mnemonic code is sufficient in this case.


Title: Re: Typing the seed - How safe is it?
Post by: Mankov on February 07, 2021, 03:06:20 PM
Ok. Yes I've protected the wallet-files with a good password.
What happens if someone would steal the wallet-files,
is it possible to bruteforce the passwords?


Title: Re: Typing the seed - How safe is it?
Post by: bob123 on February 07, 2021, 04:02:30 PM
Quote
Ok. Yes I've protected the wallet-files with a good password.
What happens if someone would steal the wallet-files,
is it possible to bruteforce the passwords?

It depends on your password.

Did you choose a 4 char password? Then yes.
Did you choose a 12 char password with numbers only? Then yes.
Did you choose a 40 char password which is a common phrase (e.g. from a book)? Then yes.
Did you choose a somewhat random password with either at least 12-15 chars (letters only) or 10+ chars using letters, numbers and special characters? Then no, it can't be efficiently bruteforced.


Title: Re: Typing the seed - How safe is it?
Post by: khaled0111 on February 07, 2021, 05:31:55 PM
Quote
Thank you all for the helpful information!

My Electrum-Wallet-Dat-Files were created in 2019,
how long are they usable in newer electrum versions?
Or do they never run out of compatibility?
When you import an old wallet file into a new version of Electrum, it will be converted to the newest format. However, new wallet files can't be read by older versions of Electrum (in case they use different formats).
https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES
This is why it is always advised to download the latest version and save your wallet's seed somewhere safe.


Title: Re: Typing the seed - How safe is it?
Post by: HCP on February 07, 2021, 08:44:40 PM
Quote
Trezor (don't know which models exactly) require to type in the mnemonic code into your PC to actually restore it on your hardware device.
However, the words get shuffled, which makes it not trivial to gain access to the correct mnemonic code (24! = 6.2 * 10^23) possibilities.
Yeah... on the Trezor ONE, you have to enter via the recovery process on the PC: https://wiki.trezor.io/User_manual:Recovery__T1#Recovery_process

It does only require entering 1 char and will provide a dropdown list of words to select from etc... and in a random word order.

They also have the "advanced recovery" process where you can click in a 9x9 box (similar to the PIN entry) to "type" the word by selecting an incrementally more specific letter sequence... The example they use is entering the word "Heavy", where you select: "H-L" --> "HA-HE" --> "HEA" --> "heavy"... which helps obfuscate things even more: https://wiki.trezor.io/User_manual:Advanced_Recovery